1. PolicyLab and PolicyLabID
PolicyLab is a registered South African company (K2021582182) that owns and operates the PolicyLab.app website and related properties. PolicyLabID is a user account that allows users to access applications that are not available to the general public. A user is defined as an individual making use of the PolicyLab.app website and related domains and subdomains, whether or not that individual is registered with or signed-in to their PolicyLabID.
2. Data collection
2.1. User data
PolicyLab takes a privacy-first approach to the collection of user information, and does not collect any user account information aside from that necessary to enable secure access to PolicyLab and the PolicyLabID. Users registering for a PolicyLabID are required to provide a username of their choosing, a valid email address, and a password. No other information is required to register for a PolicyLabID. No user account information is permanently stored by PolicyLab except for the information listed in this paragraph.
2.2. Activity data
PolicyLab collects anonymised data on users and their activity on PolicyLab.app. Anonymised information collected includes, but is not limited to: the pages you visit on PolicyLab.app; the clicks and other actions taken on PolicyLab.app; the date, time and duration of a user’s visit; user’s anonymised IP address; information on the device used to connect to PolicyLab.app (including, but not limited to, the device type, operating system, screen size, and web browser type); and the country from which you are accessing PolicyLab.app.
2.3. Cookies
PolicyLab employs cookies to monitor the authentication status of users. Cookies are not used except in cases in which a user logs in to their PolicyLabID. PolicyLab does not use cookies for the collection of user analytics, the hosting of advertisements, or for any other purposes other than those explicitly defined herein. PolicyLab retains the right to employ cookies, provided this usage is suitably communicated to users. The user agrees that PolicyLab will not be held liable for the accidental use of cookies by PolicyLab or third party applications used in the PolicyLab.app website, provided due care is taken to avoid unknowingly collecting such data.
2.4. Systems data
User accept that additional data may be collected in the operation of PolicyLab’s systems, such as through records captured in error logs. PolicyLab endeavours to prevent the incidental capture of user data in this manner.
3. Data use
3.1. Authentication
User data is collected for authentication purposes. Users authorise PolicyLab to use their registered data as a means to identify and authenticate them when utilising PolicyLab or their PolicyLabID.
3.2. Communication
Users authorise PolicyLab to utilise their registered email to send communication relating to (1) confirmation of their registration on PolicyLab, (2) user-initiated attempts to reset their password, (3) changes to the user’s account, (4) changes to this terms of service or other PolicyLab policies of relevance to the user, (5) notifications of any breaches of user data privacy, and (6) other extraordinary circumstances as required by legal direction, or which can be fairly assessed as being in the best interest of the user.
PolicyLab will not use your registered email address to send marketing or other information regarding PolicyLab or any of PolicyLab’s partners or affiliates. Users registering for a PolicyLabID do not consent to join any mailing list or to receive unsolicited emails except those specified above. PolicyLab reserves the right to develop alternative channels to establish mailing lists or marketing communication, and may utilise the email associated with a PolicyLabID in cases in which users explicitly opt-in to such communication.
3.3. Sharing of data
PolicyLab will not share user data with any third parties, unless explicitly compelled to do so by a legal order. Third parties contracted to PolicyLab may temporarily access user data if it is necessary to the completion of their contracted work. PolicyLab requires any third parties gaining access to user data to commit to the same standards of data privacy detailed in this terms of service.
3.4. Metadata
Users authorise PolicyLab to disclose metadata on user data, provided this does not disclose any individual user’s user data. Metadata may be used in reporting on metrics such as the number of users registered on PolicyLab. Metadata analysis may include summary analysis of the specific email domains (such as inter alia .com, .co.za, .org, .edu, .gov.za) utilised by registered users.
4. Retention of data
PolicyLab will retain your information as long as your account is active, as necessary to provide you with the services or as otherwise set forth in this terms of service.
PolicyLab will delete user data in the following cases: (1) users explicitly request the deletion of their data via the ‘Delete account’ option on PolicyLab.app, (2) PoilcyLab.app ceases operations or discontinues the PolicyLabID authentication system or any similar systems, (3) users violate the terms of service or otherwise undertake conduct deemed inappropriate by PolicyLab, (4) on direction from a valid legal order, (5) in extraordinary circumstances, such as when PolicyLab reasonably believes there is a risk of user data becoming exposed or being otherwise compromised. PolicyLab does not monitor user account activity, such as logging in or out of the PolicyLabID, and therefore will not delete dormant accounts.
5. Third parties
The following third parties may have access to user data associated with PolicyLab.app.
Matomo Analytics provides PolicyLab with web analytics services and processes the following anonymised user information: User IP address (see also: IP anonymisation), Date and time of the request, Title of the page being viewed (Page Title), URL of the page being viewed (Page URL), URL of the page that was viewed prior to the current page (Referrer URL), Screen resolution being used, Time in local user’s timezone, Files that were clicked and downloaded (Download), Links to an outside domain that were clicked (Outlink), Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed), Location of the user: country, region, city, approximate latitude and longitude (Geolocation), Main Language of the browser being used (Accept-Language header), User Agent of the browser being used (User-Agent header); and similar anonymised analytical information. Information on Matomo Analytics can be found at: https://matomo.org/
DigitalOcean provides PolicyLab with web server hosting and managed database services. DigitalOcean does not have direct access to any user data, but provides the infrastructure that PolicyLab uses to store and process user data. Data is stored in DigitalOcean’s LON1 data centre in London, United Kingdom. Information on DigitalOcean can be found at: https://www.digitalocean.com/
Google provides PolicyLab with email hosting services, and has access to information included in email communication between users and PolicyLab. Information on Google can be found at: https://about.google/
6. Contact
PolicyLab can be contacted on contact@policylab.co.za.